XIP4003C is a very compact Intellectual Property (IP) core designed for efficient X25519 key exchange and Ed25519-based Edwards-curve Digital Signature Algorithm (EdDSA). XIP4003C implements arithmetic on Curve25519, and provides a security level of 128 bits. Curve25519 is used in numerous contemporary security protocols and applications, including TLS 1.3.
XIP4003C has been designed for easy integration with FPGA- and ASIC-based designs in a vendor-agnostic design methodology, and the functionality of XIP4003C does not rely on any FPGA manufacturer-specific features.
Curve25519 Key Exchange and Digital Signature IP Core
Overview
Key Features
- Minimal Resource Requirements: The entire XIP4003C requires less than 800 ALMs (Cyclone® 5) and uses only 1-2 multipliers/DSP Blocks and 1-2 internal memory blocks in a typical FPGA implementation.
- Constant Latency: The execution time of XIP4003C is independent of the key value, and consequently provides protection against timing-based side-channel attacks.
- Performance: Despite its small size, XIP4003C can support more than 100 key exchange or digital signature operations per second.
- Standard Compliance: XIP4003C is compliant with RFC 7748, RFC 8032, and the draft version of FIPS 186-5. XIP4003C can be used as a part of many public-key protocols including IKEv2 (RFC 8031) and TLS 1.3 (RFC 8446).
Benefits
- Fully digital design
- Portable to any ASIC or FPGA technology
- Fully standard compliant
- Easy to integrate
- Several bus interfaces available
- IP core designed in-house at Xiphera
- Technical support by the original designers and cryptographic experts
Applications
- XIP4003C can be used in combination with other Xiphera IP cores to design an FPGA-based security solution. Possible use cases include:
  - Using the TRNG IP core XIP8001B to supply the required number of random bits for secret key derivation by the HKDF IP core XIP3322B, whose result will be used by XIP4003C.
  - Using XIP4003C to exchange the 128-bit secret key required for AES-GCM-based communication with Xiphera IP cores XIP1111B, XIP1111H, XIP1113B and XIP1113H.
  - Using XIP4003C with XIP3027C in digital signature generation and verification.
- XIP4003C can also be used to offload microcontroller- or microprocessor-based designs if a software-based implementation of Curve25519 arithmetic is too slow.
Deliverables
- XIP4003C can be shipped in a number of formats, including netlist, source code, or encrypted source code.
- Additionally, synthesis scripts, a comprehensive testbench, and a detailed datasheet including an integration guide are included.
Technical Specifications
- Foundry, Node: Any
- Maturity: Hardware Tested
- Availability: Immediate